[38022] in North American Network Operators' Group


ORBS (Re: Scanning)

daemon@ATHENA.MIT.EDU (E.B. Dreger)
Sun May 27 10:17:50 2001

Date: Sun, 27 May 2001 14:15:06 +0000 (GMT)
From: "E.B. Dreger" <eddy+public+spam@noc.everquick.net>
To: nanog@merit.edu
In-Reply-To: <20010527060224.CC32AF9@proven.weird.com>
Message-ID: <Pine.LNX.4.20.0105271400260.22471-100000@www.everquick.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu


> Date: Sun, 27 May 2001 02:02:24 -0400 (EDT)
> From: Greg A. Woods <woods@weird.com>

>> But, ORBS remains indefensible.

> It would seem that I have no problems either defending it, or using it.

ORBS catches far more than MAPS.  My take is that anybody who has a
problem with the infrequent ORBS probes should have a huge problem with
the daily bombardment of relay attempts.

Besides, whoever said that one must use ORBS "out of the box"?  I maintain
a whitelist of IP addresses to override ORBS.  As much as I'd like to see
Earthlink get a clue, MSN close their relays (have they yet?), and
RoadRunner cooperate, I allow their MXes through when I find them.

Modern spammers have gotten nasty.  They use hundreds of different relays,
each time changing the source address:

	a57e6s@t8iji7.somedomain.tld
	in46hi@diief4.anotherdomain.tld
	xkm8ey@ithi62.yetanotherdomain.tld

with * DNS so that all subdomains resolve, and the subject:

	I have no respect for netiquette!!!!!      [i35ed7]
	I have no respect for netiquette!!!!!      [ed8ooe]
	I have no respect for netiquette!!!!!      [h8qi2h]

So as to throw off MXes that look for the same message again and again.
I suppose that scanning the body and looking for repetition is possible,
but it's only a matter of time until _that_ gets perturbed in 100 different
fashions.

Bottom line:  Blocking mail from rogue servers is the best way to stop
spam and to not be a party to somebody else getting relay-raped.  Anyone
with clue closed relays how many years ago?

I don't buy the "we need open relay for nationwide users" argument,
either.  Build a cheap MX that does nothing but take mail from a given
POP, and send it to the world.  Anti-spoofing at the border, don't accept
mail from the outside world, and you're done.


Eddy

---------------------------------------------------------------------------

Brotsman & Dreger, Inc.
EverQuick Internet Division

Phone: (316) 794-8922

---------------------------------------------------------------------------

Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist@brics.com>
To: blacklist@brics.com
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots.  Do NOT
send mail to <blacklist@brics.com>, or you are likely to be blocked.
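
Added example, not part of the original message: a Python sketch of the whitelist-overrides-blacklist check the message describes, as a receiving MX might apply it to a connecting IP. The zone name `dnsbl.example`, the whitelist entries, the function names and the sample addresses are assumptions constructed for illustration (documentation address ranges), not ORBS's or the author's configuration.

```python
import ipaddress
import socket

# Assumed placeholders: a hypothetical DNSBL zone and a locally kept whitelist.
DNSBL_ZONE = "dnsbl.example"
WHITELIST = [ipaddress.ip_network(n) for n in ("192.0.2.0/28", "198.51.100.25/32")]
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")  # conventional DNSBL answers


def dnsbl_query_name(ip, zone=DNSBL_ZONE):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def dns_listed(name):
    """True if the zone answers with a 127.0.0.0/8 A record, False if no such name."""
    try:
        answer = socket.gethostbyname(name)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return False
        raise  # timeouts and server failures are handled by the caller
    # Ignore answers outside 127/8 (wildcarded or hijacked zone).
    return ipaddress.ip_address(answer) in LISTED_RANGE


def check_sender(ip, lookup=dns_listed, whitelist=WHITELIST):
    """Return (verdict, reason) for a connecting relay's IP address."""
    addr = ipaddress.IPv4Address(ip)
    # The local whitelist is consulted first, so it overrides any listing.
    if any(addr in net for net in whitelist):
        return ("accept", "whitelisted")
    try:
        listed = lookup(dnsbl_query_name(ip))
    except OSError:
        # Resolver trouble: defer the mail instead of guessing either way.
        return ("tempfail", "dnsbl lookup failed")
    return ("reject", "listed") if listed else ("accept", "not listed")


if __name__ == "__main__":
    # Constructed stand-in for the zone's contents, so the demo runs offline.
    listed = {"5.2.0.192.dnsbl.example", "77.113.0.203.dnsbl.example"}
    for ip in ("192.0.2.5", "203.0.113.77", "203.0.113.10"):
        print(ip, check_sender(ip, lookup=listed.__contains__))
```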


